<html>
<head><meta charset="utf-8"><title>Padding bytes UB · t-lang/wg-unsafe-code-guidelines · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/index.html">t-lang/wg-unsafe-code-guidelines</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html">Padding bytes UB</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="178202740"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178202740" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178202740">(Oct 15 2019 at 15:11)</a>:</h4>
<p>So, I could use a quick refresher on what the current UCG consensus is regarding observation of padding bytes.</p>



<a name="178202924"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178202924" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178202924">(Oct 15 2019 at 15:13)</a>:</h4>
<p>I think I remember that reading from padding bytes was UB, which makes sense as it kind of naturally falls out from the idea that reading from uninitialized memory is UB. But I'm not sure how such a contract can be still considered tenable when it means that e.g. memcpy-ing a struct from one memory location to another is UB.</p>



<a name="178203050"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178203050" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178203050">(Oct 15 2019 at 15:15)</a>:</h4>
<p>(unless memcpy has special superpowers that allow it to ignore the fact that observing padding bytes is UB, in which case I could be interested in figuring out how I can get similar superpowers in code other than the implementation of memcpy)</p>



<a name="178203140"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178203140" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178203140">(Oct 15 2019 at 15:16)</a>:</h4>
<p>Which means that moving Rust objects around is UB, since our moves are basically memcpy, again unless the compiler has special superpower to move objects with padding the safe way.</p>



<a name="178203522"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178203522" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178203522">(Oct 15 2019 at 15:20)</a>:</h4>
<p>It seems to me that memcpy would somehow need to implement the elusive <code>freeze</code> semantics that can magically turn uninitialized bytes into non-deterministic valid bytes.</p>



<a name="178309147"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178309147" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178309147">(Oct 16 2019 at 17:16)</a>:</h4>
<blockquote>
<p>So, I could use a quick refresher on what the current UCG consensus is regarding observation of padding bytes.</p>
</blockquote>
<p>in my view, it is that there's no such thing as "padding bytes" in the memory of the rust abstract machine. so "observing padding bytes" is kind of an ill-typed question.<br>
see <a href="https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/value-domain.md#the-role-of-the-value-representation-in-the-operational-semantics" target="_blank" title="https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/value-domain.md#the-role-of-the-value-representation-in-the-operational-semantics">https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/value-domain.md#the-role-of-the-value-representation-in-the-operational-semantics</a> for all the glory details.</p>



<a name="178309172"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178309172" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178309172">(Oct 16 2019 at 17:16)</a>:</h4>
<p>but if we ignore some details, reading from padding is the same as reading uninitialized memory</p>



<a name="178309192"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178309192" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178309192">(Oct 16 2019 at 17:16)</a>:</h4>
<p>and that's decidedly not UB. see <a href="https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/value-domain.md#the-role-of-the-value-representation-in-the-operational-semantics" target="_blank" title="https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/value-domain.md#the-role-of-the-value-representation-in-the-operational-semantics">https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/value-domain.md#the-role-of-the-value-representation-in-the-operational-semantics</a> for the details.</p>



<a name="178309225"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178309225" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178309225">(Oct 16 2019 at 17:17)</a>:</h4>
<p>the reason that <code>let b: bool = mem::uninitialized()</code> is UB is not that we read uninit memory. it's that we constructed a <code>bool</code> that is not valid.</p>



<a name="178309244"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178309244" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178309244">(Oct 16 2019 at 17:17)</a>:</h4>
<p>this requires thinking of Rust memory as storing an <code>Option&lt;u8&gt;</code> for each location (tracking initializedness)</p>



<a name="178309256"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178309256" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178309256">(Oct 16 2019 at 17:17)</a>:</h4>
<p>and then the validity invariant for <code>bool</code> says that <code>None</code> is not valid</p>



<a name="178311403"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178311403" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178311403">(Oct 16 2019 at 17:42)</a>:</h4>
<p>however, all types (currently) rule out uninit bytes in their validity invariant. the only places where reading uninit bytes is <em>not</em> UB is <code>MaybeUninit</code>, and when the uninit byte is a padding byte of the type used for the access</p>



<a name="178311495"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178311495" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178311495">(Oct 16 2019 at 17:43)</a>:</h4>
<p>I should have prefaced: the key mindset here is that <em>memory is untyped</em> (just a sequence of uninterpreted <code>Option&lt;u8&gt;</code> -- okay actually sth more complicated than that but good enough for now), but <em>operations are types</em> (when doing a load at type <code>T</code>, you take the sequence of raw bytes and interpret them according to the rules of type <code>T</code> -- and <em>types</em> have padding, but memory does not)</p>



<a name="178314945"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178314945" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178314945">(Oct 16 2019 at 18:17)</a>:</h4>
<p>Then, to bring this closer to my underlying use case, how would you implement memcpy() in a UB-free way that still allows the implementation of Rust's move operation?</p>



<a name="178315004"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178315004" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178315004">(Oct 16 2019 at 18:17)</a>:</h4>
<p>(Knowing that during a Rust move operation the memcpy operation may be used to copy the internal representation of a certain type T, which has uninitialized padding bytes)</p>



<a name="178315682"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178315682" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178315682">(Oct 16 2019 at 18:25)</a>:</h4>
<p>I think what I'm trying to do is to implement the equivalent of the "typed copy" operation that you are describing in <a href="https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/value-domain.md#the-role-of-the-value-representation-in-the-operational-semantics" target="_blank" title="https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/value-domain.md#the-role-of-the-value-representation-in-the-operational-semantics">https://github.com/rust-lang/unsafe-code-guidelines/blob/master/wip/value-domain.md#the-role-of-the-value-representation-in-the-operational-semantics</a> .</p>



<a name="178315793"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178315793" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178315793">(Oct 16 2019 at 18:26)</a>:</h4>
<p>I don't really want to preserve the value of the padding bytes. It just happens that I am not the Rust compiler, and therefore have no knowledge of where they are and cannot cautiously implement a custom memcpy operation that refrains from reading from them.</p>



<a name="178315866"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178315866" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178315866">(Oct 16 2019 at 18:27)</a>:</h4>
<p>(even though I know what the type T which I am in the process of copying is, I don't know its layout)</p>



<a name="178316157"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178316157" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178316157">(Oct 16 2019 at 18:30)</a>:</h4>
<blockquote>
<p>Then, to bring this closer to my underlying use case, how would you implement memcpy() in a UB-free way that still allows the implementation of Rust's move operation?</p>
</blockquote>
<p>you mean implement inside Rust? By copying <code>MaybeUninit&lt;u8&gt;</code>, bytewise</p>



<a name="178316163"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178316163" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178316163">(Oct 16 2019 at 18:30)</a>:</h4>
<p>but that's not the same as a Rust move</p>



<a name="178316181"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178316181" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178316181">(Oct 16 2019 at 18:31)</a>:</h4>
<p>Rust's move is typed, <code>memcpy</code> is untyped</p>



<a name="178316225"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178316225" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178316225">(Oct 16 2019 at 18:31)</a>:</h4>
<p>it is <em>correct</em> to use <code>memcpy</code> to implement Rust's move, but not "complete" -- as in, you make some undefined programs defined by doing that replacement.</p>



<a name="178316330"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178316330" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178316330">(Oct 16 2019 at 18:32)</a>:</h4>
<p>Rust's move can be done in unsafe code using <code>dest.write(src.read())</code>, where <code>dest: *mut T</code> and <code>src: *const T</code> and <code>T</code> is the type at which you want to do the ("typed") copy</p>



<a name="178316456"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178316456" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178316456">(Oct 16 2019 at 18:34)</a>:</h4>
<p>Mmmm... the thing is, this is inside of Abomonation, and I need to send the bytes to a Write implementation. Which may do all kind of strange and wonderful and IO-ish things with them. And then at the end someone somewhere will get an &amp;[u8] and deserialize it into an &amp;T.</p>



<a name="178316477"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178316477" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178316477">(Oct 16 2019 at 18:34)</a>:</h4>
<p>So I cannot use MaybeUninit&lt;u8&gt;, nor copy from *const T to *mut T, because the Write interface expects u8s...</p>



<a name="178316491"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178316491" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178316491">(Oct 16 2019 at 18:34)</a>:</h4>
<p>I guess I'm stuck with UB here, until / if ever Rust gets a freeze() operation.</p>



<a name="178316738"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178316738" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178316738">(Oct 16 2019 at 18:37)</a>:</h4>
<p>Then I can transmute &amp;T into &amp;[MaybeUninit&lt;u8&gt;], freeze the bytes to get &amp;[u8], and send that to whatever Write implementation I was given.</p>



<a name="178319991"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178319991" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Hadrien Grasland <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178319991">(Oct 16 2019 at 19:17)</a>:</h4>
<p>Posted a summary on the abomonation bugtracker, feel free to cross-check and correct it : <a href="https://github.com/TimelyDataflow/abomonation/issues/32" target="_blank" title="https://github.com/TimelyDataflow/abomonation/issues/32">https://github.com/TimelyDataflow/abomonation/issues/32</a></p>



<a name="178321214"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178321214" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178321214">(Oct 16 2019 at 19:33)</a>:</h4>
<p>yeah, using <code>[u8]</code> to represent "any kind of data" is (currently) wrong</p>



<a name="178321261"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178321261" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178321261">(Oct 16 2019 at 19:34)</a>:</h4>
<p>you're not alone in making that mistake though; libstd's <code>Read</code> trait also did it^^</p>



<a name="178321302"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding%20bytes%20UB/near/178321302" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/Padding.20bytes.20UB.html#178321302">(Oct 16 2019 at 19:35)</a>:</h4>
<p>IMO this is actually strong motivation to <em>not</em> make that immediate UB, but <a href="https://github.com/rust-lang/unsafe-code-guidelines/issues/71" target="_blank" title="https://github.com/rust-lang/unsafe-code-guidelines/issues/71">https://github.com/rust-lang/unsafe-code-guidelines/issues/71</a> kind of stalled (mostly needs a write-up)</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>